lets just install trivy

2025-09-29 20:06:03 +10:00 · 2025-09-29 20:06:03 +10:00 · fa4deafcc6
commit fa4deafcc6
parent 235661bc43
1 changed files with 8 additions and 8 deletions
--- a/.gitea/workflows/build_push.yml
+++ b/.gitea/workflows/build_push.yml
@ -45,14 +45,14 @@ jobs:
            git.aridgwayweb.com/armistace/blog:latest

      - name: Trivy Scan
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ vars.DOCKER_SERVER }}/${{ vars.DOCKER_USERNAME }}/blog:latest
-          format: table
-          exit-code: 1
-          ignore-unfixed: true
-          vuln-type: os,library
-          severity: HIGH,CRITICAL
+        run: |
+          echo "Installing Trivy
+          sudo apt-get install wget apt-transport-https gnupg lsb-release
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+          sudo apt-get update
+          sudo apt-get install trivy
+          trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type os,library --severity HIGH,CRITICAL git.aridgwayweb.com/armistace/blog:latest

      - name: Deploy
        run: |